package me.zhengjie.modules.security.service.impl;

import me.zhengjie.modules.security.service.dto.JwtUserDto;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.util.Assert;

/**
 * @Description TODO
 * @Author Long
 * @Date 2021/8/26 18:08
 */

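/**
 * {@link AuthenticationProvider} that handles {@code KwAuthenticationToken} requests.
 *
 * <p>The provider loads the account named by the token's principal, rejects accounts
 * that are missing, disabled, locked or whose credentials have expired, and compares
 * the presented credential with the stored password when a credential is supplied.
 * Both collaborators are injected through setters and must be set before
 * {@link #authenticate(Authentication)} is called.
 */
public class KwAuthenticationProvider implements AuthenticationProvider {

    /** Resolves the account for the principal name carried by the token. */
    private UserDetailsService userDetailsService;

    /** Compares the presented credential with the stored (encoded) password. */
    private PasswordEncoder passwordEncoder;

    /**
     * Authenticates a {@code KwAuthenticationToken}.
     *
     * <p>Checks run in this order: account exists, account enabled, account not locked,
     * credentials not expired, then password match (only when the token carries a
     * non-null credential).
     *
     * @param authentication the request; must be a {@code KwAuthenticationToken} whose
     *                       principal is the username as a {@code String}
     * @return a new {@code KwAuthenticationToken} built from the loaded user and its
     *         authorities, carrying the request's details
     * @throws UsernameNotFoundException if no user is loaded or the password does not match
     * @throws DisabledException         if the account is disabled
     * @throws LockedException           if the account is locked or its credentials have expired
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        KwAuthenticationToken request = (KwAuthenticationToken) authentication;
        String username = (String) request.getPrincipal();

        UserDetails userDetails = userDetailsService.loadUserByUsername(username);

        // NOTE(review): the account-state failures below are raised before the password
        // is checked and carry distinct messages; a caller that returns these messages to
        // the client reveals account state to an unauthenticated requester.
        if (userDetails == null) {
            // Message: "invalid username/password" (same text as the bad-password case).
            throw new UsernameNotFoundException("用户名/密码无效");
        }
        if (!userDetails.isEnabled()) {
            // Message: "user has been disabled".
            throw new DisabledException("用户已被禁用");
        }
        if (!userDetails.isAccountNonLocked()) {
            // Message: "account has been locked".
            throw new LockedException("账号已被锁定");
        }
        if (!userDetails.isCredentialsNonExpired()) {
            // Message: "credentials have expired".
            // NOTE(review): expired credentials are reported with LockedException, so
            // handlers cannot tell them apart from a locked account by type. Spring's
            // CredentialsExpiredException is the usual type; kept as-is because callers
            // may catch LockedException.
            throw new LockedException("凭证已过期");
        }

        // NOTE(review): a token whose credentials are null skips password verification
        // entirely and still receives a result token. Confirm that every code path that
        // builds a KwAuthenticationToken without credentials has already verified the
        // user by other means, and that request-supplied input can never yield a null
        // credential here.
        Object presented = request.getCredentials();
        if (presented != null) {
            // Assumes the configured UserDetailsService returns JwtUserDto instances;
            // any other UserDetails type fails this cast with ClassCastException.
            JwtUserDto dto = (JwtUserDto) userDetails;
            boolean passwordMatches = passwordEncoder.matches(presented.toString(), dto.getUser().getPassword());
            if (!passwordMatches) {
                // Message: "invalid username/password". The exception type is the same
                // as for an unknown user, so the two failures look alike to callers.
                throw new UsernameNotFoundException("用户名/密码无效");
            }
        }

        // The result token is built from the loaded user and its authorities only; the
        // presented credential is not passed on to it.
        KwAuthenticationToken authenticationResult = new KwAuthenticationToken(userDetails,
                userDetails.getAuthorities());
        authenticationResult.setDetails(request.getDetails());
        return authenticationResult;
    }

    /**
     * Reports whether this provider handles the given token type.
     *
     * @param authentication the token class offered for authentication
     * @return {@code true} for {@code KwAuthenticationToken} and its subclasses
     */
    @Override
    public boolean supports(Class<?> authentication) {
        return KwAuthenticationToken.class.isAssignableFrom(authentication);
    }

    /**
     * @return the service used to load accounts, or {@code null} if none has been set
     */
    public UserDetailsService getUserDetailsService() {
        return userDetailsService;
    }

    /**
     * Sets the service used to load accounts.
     *
     * @param userDetailsService the service; must not be {@code null}
     * @throws IllegalArgumentException if {@code userDetailsService} is {@code null}
     */
    public void setUserDetailsService(UserDetailsService userDetailsService) {
        // Same fail-fast check as setPasswordEncoder, so a misconfigured provider is
        // rejected at wiring time instead of failing on the first login attempt.
        Assert.notNull(userDetailsService, "userDetailsService cannot be null");
        this.userDetailsService = userDetailsService;
    }

    /**
     * Sets the encoder used to compare presented and stored passwords.
     *
     * @param passwordEncoder the encoder; must not be {@code null}
     * @throws IllegalArgumentException if {@code passwordEncoder} is {@code null}
     */
    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        Assert.notNull(passwordEncoder, "passwordEncoder cannot be null");
        this.passwordEncoder = passwordEncoder;
    }

    /**
     * @return the configured password encoder, or {@code null} if none has been set
     */
    protected PasswordEncoder getPasswordEncoder() {
        return passwordEncoder;
    }

}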
